US-7376827

Directory-enabled network elements

Published: May 20, 2008
Assignee: not available in USPTO data we have
Inventors: not available in USPTO data we have
Technical Abstract

A directory enabled network element, which in one embodiment, is a network device that has an element that enables querying, accessing, and updating directory information that is managed by a directory service of a network. An application programming interface (API) is configured to receive directory services requests from application programs (APs) and provide the directory services requests to the directory enabling element. A locator service is accessible using the API and configured to locate servers that provide the directory services. A bind service in the directory enabling element is coupled to a security protocol. An event service is configured to receive registration of an event and an associated action from an AP, notify the AP when the event occurs, and execute the associated responsive action. The network device can thereby automatically authenticate itself to a directory service.

Patent Claims
14 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. An apparatus in a network element, wherein said network element is any one of a packet router and a data switch operable to manipulate packets at any of Open System Interconnection (OSI) Layer 2 and 3 in a network, the apparatus comprising: a directory enabling element operable under control of an operating system of the network element, wherein the directory enabling element is configured to query, access, and update directory information that is managed by a directory service of the network that includes the network element, wherein the directory service is any one of a Lightweight Directory Access Protocol (LDAP) directory and an X.500 directory; an application programming interface coupled to the directory enabling element and configured to receive directory services requests from application programs and provide the directory services requests to the directory enabling element, wherein the application programs are hosted in the network element; a locator service coupled to the directory enabling element and accessible using the application programming interface and configured to enable the application programs to locate servers that provide the directory services in the network; and a bind service in the directory enabling element and coupled to a security protocol and configured to bind an external application program to the security protocol.

2. An apparatus as recited in claim 1, further comprising a Unicode translation service configured to query, access, and update directory information that is encoded in a Unicode international character format.

3. An apparatus in a network element, wherein said network element is any one of a packet router and a data switch operable to manipulate packets at any of Open System Interconnection (OSI) Layer 2 and 3 in a network, the apparatus comprising: a directory enabling element operable under control of an operating system of the network element, wherein the directory enabling element is configured to query, access, and update directory information that is managed by a directory service of the network that includes the network element, wherein the directory service is any one of a Lightweight Directory Access Protocol (LDAP) directory and an X.500 directory; an application programming interface coupled to the directory enabling element and configured to receive directory services requests from application programs and provide the directory services requests to the directory enabling element, wherein the application programs are hosted in the network element; a locator service coupled to the directory enabling element and accessible using the application programming interface and configured to enable the application programs to locate servers that provide the directory services in the network; and an event service coupled to the directory enabling element and configured to receive registration of an event and an associated responsive action from an application program, notify the application program when the event occurs, and execute the associated responsive action in response thereto.

4. An apparatus as recited in claim 1, further comprising a group policy interface coupled to the directory enabling element and configured to receive and update the directory service with one or more definitions of directory services policies that apply to groups of network devices in the network.

5. An apparatus as recited in claim 1, further comprising an event service coupled to the directory enabling element and accessible using the application programming interface and configured to receive registration of an event and an associated responsive action from an application program, notify the application program when the event occurs, and execute the associated responsive action in response thereto.

6. An apparatus in a packet router, wherein said packet router is operable to manipulate packets at any of Open System Interconnection (OSI) Layer 2 and 3 in a packet-switched network, the apparatus comprising: a directory enabling element operable under control of an operating system of the packet router, wherein the directory enabling element is configured to query, access, and update directory information that is managed by a directory service of the packet-switched network, wherein the directory service is any one of a Lightweight Directory Access Protocol (LDAP) directory and an X.500 directory; a bind service in the directory enabling element and coupled to a security protocol and configured to bind an application program to the security protocol; and an event service coupled to the directory enabling element and accessible using the application programming interface and configured to receive registration of an event and an associated responsive action from an application program, notify the application program when the event occurs, and execute the associated responsive action in response thereto.

7. An apparatus in a data switch, wherein said data switch is operable to manipulate packets at any of Open System Interconnection (OSI) Layer 2 and 3 in a packet-switched network, the apparatus comprising: a directory enabling element operable under control of an operating system of the data switch, wherein the directory enabling element is configured to query, access, and update directory information that is managed by a directory service of the packet-switched network, wherein the directory service is any one of a Lightweight Directory Access Protocol (LDAP) directory and an X.500 directory; a bind service in the directory enabling element and coupled to a security protocol and configured to bind an application program to the security protocol; and an event service coupled to the directory enabling element and accessible using the application programming interface and configured to receive registration of an event and an associated responsive action from an application program, notify the application program when the event occurs, and execute the associated responsive action in response thereto.

8. A computer-readable tangible storage medium storing one or more sequences of instructions for a network element, wherein said network element is any one of a packet router and a data switch operable to manipulate packets at any of Open System Interconnection (OSI) Layer 2 and 3 in a network, wherein execution of the one or more sequences of instructions by one or more processors of the network element causes the one or more processors to perform the steps of: creating and storing a directory enabling element operable under control of an operating system of the network element, wherein the directory enabling element is configured to query, access, and update directory information that is managed by a directory service of the network that includes the network element, wherein the directory service is any one of a Lightweight Directory Access Protocol (LDAP) directory and an X.500 directory; binding an application program to a security protocol; creating an event and an associated responsive action that are associated with the application program; and in response to occurrence of the event, executing the responsive action, obtaining policy information from the directory service, and converting the policy information into one or more commands that are executable by the network element.

9. A computer-readable tangible storage medium as recited in claim 8, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the further steps of: locating a nearest directory server and binding the application program to the nearest directory server that is located; locating a nearest event server and binding the application program to the nearest event server that is located.

10. A computer-readable tangible storage medium as recited in claim 8, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the further steps of: translating the policy information into one or more values that are ready to apply to a router, whereby a virtual private network is created between the router and another network device.

11. A computer-readable tangible storage medium as recited in claim 8, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the further steps of: translating the policy information into one or more values that are ready to apply to a set of internal data structures of a router, by calling one or more internal NOS API functions, whereby a dynamic IPSEC configuration is created that connects the router and at least one other network device.

12. A computer-readable tangible storage medium as recited in claim 8, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the further steps of establishing an application programming interface coupled to the directory enabling element and configured to receive directory services requests from application programs and provide the directory services requests to the one or more processors.

13. A system comprising a network element enabled to automatically interface with directory services in a network, wherein the network element is any one of a packet router and a data packet switch operable to manipulate packets at any of Open System Interconnection (OSI) Layer 2 and 3 in the network, wherein the network element comprises: a directory enabling element operable under control of an operating system of the network element, wherein the directory enabling element is configured to query, access, and update directory information that is managed by directory services of the network that includes the network element, wherein the directory services include at least one of a Lightweight Directory Access Protocol (LDAP) directory and an X.500 directory; and a locator service coupled to the directory enabling element and configured to locate servers that provide the directory services in the network; wherein the network element obtains policy information from the directory services and updates the directory service.

14. The system of claim 13, wherein the network element includes a protocol agent for interfacing with the directory services.

Patent Metadata

Filing Date: November 5, 1999

Publication Date: May 20, 2008

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “Directory-enabled network elements” (US-7376827). https://patentable.app/patents/US-7376827